Merge pull request #9661 from gyuho/dont-log-password

etcdserver: not print password in the warning message of expensive request
2024-09-27 06:25:44 +00:00 · 2018-05-01 09:21:50 +02:00 · 2018-05-01 09:21:50 +02:00 · ad060a84ad
commit ad060a84ad
parent fd7e7a01ad a9225c164a
3 changed files with 61 additions and 4 deletions
--- a/etcdserver/apply.go
+++ b/etcdserver/apply.go
@ -27,9 +27,9 @@ import (
 	"github.com/coreos/etcd/mvcc"
 	"github.com/coreos/etcd/mvcc/mvccpb"
 	"github.com/coreos/etcd/pkg/types"
-	"go.uber.org/zap"

 	"github.com/gogo/protobuf/proto"
+	"go.uber.org/zap"
 )

 const (
@ -109,7 +109,7 @@ func (s *EtcdServer) newApplierV3() applierV3 {
 }

 func (a *applierV3backend) Apply(r *pb.InternalRaftRequest) *applyResult {
-	defer warnOfExpensiveRequest(a.s.getLogger(), time.Now(), r)
+	defer warnOfExpensiveRequest(a.s.getLogger(), time.Now(), &pb.InternalRaftStringer{Request: r})

 	ar := &applyResult{}

--- a/etcdserver/etcdserverpb/raft_internal_stringer.go
+++ b/etcdserver/etcdserverpb/raft_internal_stringer.go
@ -0,0 +1,58 @@
+// Copyright 2018 The etcd Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package etcdserverpb
+
+import "fmt"
+
+// InternalRaftStringer implements custom proto Stringer:
+// redact password, shorten output(TODO).
+type InternalRaftStringer struct {
+	Request *InternalRaftRequest
+}
+
+func (as *InternalRaftStringer) String() string {
+	switch {
+	case as.Request.LeaseGrant != nil:
+		return fmt.Sprintf("header:<%s> lease_grant:<ttl:%d-second id:%016x>",
+			as.Request.Header.String(),
+			as.Request.LeaseGrant.TTL,
+			as.Request.LeaseGrant.ID,
+		)
+	case as.Request.LeaseRevoke != nil:
+		return fmt.Sprintf("header:<%s> lease_revoke:<id:%016x>",
+			as.Request.Header.String(),
+			as.Request.LeaseRevoke.ID,
+		)
+	case as.Request.Authenticate != nil:
+		return fmt.Sprintf("header:<%s> authenticate:<name:%s simple_token:%s>",
+			as.Request.Header.String(),
+			as.Request.Authenticate.Name,
+			as.Request.Authenticate.SimpleToken,
+		)
+	case as.Request.AuthUserAdd != nil:
+		return fmt.Sprintf("header:<%s> auth_user_add:<name:%s>",
+			as.Request.Header.String(),
+			as.Request.AuthUserAdd.Name,
+		)
+	case as.Request.AuthUserChangePassword != nil:
+		return fmt.Sprintf("header:<%s> auth_user_change_password:<name:%s>",
+			as.Request.Header.String(),
+			as.Request.AuthUserChangePassword.Name,
+		)
+	default:
+		// nothing to redact
+	}
+	return as.Request.String()
+}
--- a/etcdserver/v3_server.go
+++ b/etcdserver/v3_server.go
@ -21,8 +21,6 @@ import (
 	"fmt"
 	"time"

-	"go.uber.org/zap"
-
 	"github.com/coreos/etcd/auth"
 	pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
 	"github.com/coreos/etcd/etcdserver/membership"
@ -32,6 +30,7 @@ import (
 	"github.com/coreos/etcd/raft"

 	"github.com/gogo/protobuf/proto"
+	"go.uber.org/zap"
 )

 const (